I've reproduced the issue. If you have a username and password that you can use
with that server and you plug those into the SMTP settings it might start
working. However for the case where you don't have a username/password but you
DO want STARTTLS then it's broken.
So I fixed that and tried it again and the SSL library spat the dummy when it
tried to negotiate a secure connection and failed with some unreadable error
message. Maybe the version of OpenSSL I have is too old.
Let me know how you go with the username/password.

(In reply to comment #1)
> If you have a username and password that you can use
> with that server and you plug those into the SMTP settings it might start
> working.
It is not the case. I have authentication turned on as well as encryption.
Additionally on server side there is postfix option "smtpd_tls_auth_only"
turned on, to disallow sniffable authentication. And with these settings b26
works well, whereas b28 doesn't.
I remind you that your mail account on my server is still valid, so you can
inspect connection with the same conditions.

I'm revisiting this at the moment and none of the test accounts I have from you
are working. None of the hosts respond. Can you forward me an account that
Scribe fails on?
The accounts I have all work.

Actually fixed something.
Turns out the when you switch on non-blocking sockets in OpenSSL, it's
permanent, and you can't switch back to blocking later (which I was trying to
do). I want non-blocking for the connect (so I can cancel it if needed), but
blocking for the rest of the connection. The change to non-blocking is evident
between beta26 and beta28 when I diff'ed the svn versions of the SSL code.
So I have had to apply non-blocking loops to most (all?) the calls to the
various read/write functions. This also buys me the ability to pick the timeout
on socket connections.
I've tested with your 587 port SMTP server using STARTTLS and it's working.
It's not extensively tested but it is a lot better than the beta28's outright
fail. I will continue to test the SSL code over the next week or so and
re-release if needed to sort out any new bugs.
You sir, deserve a beer (or nice drink of choice)! for putting up with my crap.